[#46514] - [6.1] Add proof-of-work captcha
- Pending
- Medium
- Build: 6.1-dev
- # 46514
- Diff
- SniperSister:6.1-powcaptcha
User tests: Successful: Unsuccessful:
Summary of Changes
This PR adds a new captcha to Joomla core. It's based on the concept of "proof of work": it presents a math task to the user's browser that the browser can solve automatically. It's not supposed to proof humanship of the user, but to proof that the user is willing to invest the necessary time to solve the task.
That makes it an excellent fit for Joomla's usecase:
- it does not rely on an external service, does not need an API key and does not have any privacy implications
- it's based on an opensource library
- it does not try to proof humanship - a fight that we can't win anyways
- it's accessible
It's currently based on the altcha library, see https://altcha.org - please note the emphasize on "currently", as the rather generic naming of the plugin would allow core to switch to a different library in the future. A different implementation for altcha was already available as a 3rd party extension (see https://github.com/akeeba/plg_captcha_altcha/).
Testing Instructions
- Apply the patch
- Install the composer and npm dependencies
- Discover, install and enable the plugin
- Configure a contact form
- Set the captcha as default captcha in the global configuration
- Submit the form
Remarks and next steps
Altcha recommends to increase the difficulty of the captcha for repetitive submissions. This would require the implementation of a generic ratelimiting framework in the core and is on the agenda.
Sponsor
This PR is funded by GLS Parcel Services Germany, https://www.gls-pakete.de
Link to documentations
Please select:
-
Documentation link for docs.joomla.org:
-
No documentation changes for docs.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | SQL Administration com_admin Postgresql Language & Strings Repository External Library Composer Change Installation NPM Change Front End Plugins |
| Labels |
Added:
Language Change
Composer Dependency Changed
NPM Resource Changed
PR-6.1-dev
|
||
I dont see why this should be in core and not an extension
I dont see why this should be in core and not an extension
it has already been approved by production department and is on the feature roadmap https://developer.joomla.org/strategy.html#roadmap
| Labels |
Added:
Feature
|
||
| Title |
|
||||||
Side Note: will add a replay attack prevention, therefore it’s set to draft
Side Note: will add a replay attack prevention, therefore it’s set to draft
Done!
Please follow the style guide https://manual.joomla.org/docs/user-interface-text/words2watch/ so CAPTCHA is always capitalised.
And try to avoid "click" on and use "select" or something similar as you can't "click" on a touch device.
Done!
Please add this plugin to the array of core extensions in libraries\src\Extension\ExtensionHelper.php in a new group for captcha plugins
| Category | SQL Administration com_admin Postgresql Language & Strings Repository External Library Composer Change Installation NPM Change Front End Plugins | ⇒ | SQL Administration com_admin Postgresql Language & Strings Repository External Library Composer Change Installation Libraries NPM Change Front End Plugins |
| Title |
|
||||||
Please add this plugin to the array of core extensions in libraries\src\Extension\ExtensionHelper.php in a new group for captcha plugins
Done!
Please update the code to use new Captcha API:
https://manual.joomla.org/docs/building-extensions/plugins/plugin-examples/captcha-plugin/
Done
please alphasort the language strings